Docket No. 1454.1053/MJH
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Application of: 
Steffen FRIES et al. 

Serial No.: NEW
Group Art Unit: To be assigned

Filed: March 30, 2001
Examiner: To be assigned

For: METHOD AND SYSTEM FOR UPDATING A PASSWORD 

PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

Before examination of the above-identified application, please amend the application as 
follows: 

IN THE SPECIFICATION 

Please REPLACE the pending specification with the SUBSTITUTE SPECIFICATION
attached hereto.

IN THE ABSTRACT 

Please REPLACE the originally filed Abstract with the enclosed Substitute Abstract. 

IN THE CLAIMS 



Please CANCEL claims 1-12 without prejudice or disclaimer of any of the subject 
matter claimed therein.

Please ADD new claims in accordance with the following: 

13. (NEW) A method for updating a password between a first computer and a second 
computer, comprising: 

receiving at the second computer a service request message transmitted by the first 
computer over a communication link existing between the first computer and the second 
computer, the service request message containing the password, and being used to request 
provision of a service; 

checking, at the second computer, whether the password contained in the service 
request message is valid for the first computer; 

if the password is valid, providing the service; 

if the password is invalid, transmitting from the second computer to the first computer 
an update message to request that the password be updated; and 
forming an updated password. 

14. (NEW) The method as claimed in claim 13, wherein after the updated password is
formed, the service request message transmitted by the first computer to the second computer 
contains the updated password and the second computer checks whether the updated password 
is valid. 
15. (NEW) The method as claimed in claim 13, wherein the updated password is
formed in the following manner: 

the first computer transmits to the second computer a password message containing the 
updated password, such that the updated password can be ascertained only by using the 
password, 

the second computer uses the password to ascertain the updated password from the 
password message, and 

the second computer stores the updated password. 

16. (NEW) The method as claimed in claim 15, wherein the password message 
contains the updated password in an encrypted form, the key for encrypting the updated 
password being formed on the basis of the password. 

17. (NEW) The method as claimed in claim 16, wherein the key is formed by 
stringing together the password a number of times. 

18. (NEW) The method as claimed in claim 15, wherein the second computer 
transmits an acknowledgment message to acknowledge the use of the updated password within 
the context of the communication link. 
19. (NEW) The method as claimed in claim 13, wherein before the second computer
checks whether the password is valid, the second computer authenticates the first computer 
using an authentication token for the first computer, which is contained in the service request 
message. 

20. (NEW) The method as claimed in claim 13, wherein the check to determine 
whether the password contained in the service request message is valid is performed using a 
monitor database indicating whether the second computer has previously transmitted an update 
message to the first computer. 

21. (NEW) The method as claimed in claim 13, wherein

the service request message contains a statement relating to integrity protection,

the second computer checks the received service request message for its integrity,

the password is checked only if the integrity of the service request message is ensured, and

if the integrity of the service request message is not ensured the requested service is
refused.

22. (NEW) A system for updating a password between first and second computers, 
comprising: 
a receiving unit to receive at a second computer a service request message transmitted
by the first computer over a communication link existing between the first computer and the 
second computer, the service request message containing the password, and being used to 
request provision of a service; 

a checking unit to check at the second computer, whether the password contained in the 
service request message is valid for the first computer; 

a providing unit to provide the service requested if the password is valid; 

a transmission unit to transmit, if the password is invalid, an update message from the 
second computer to the first computer, the update message being used to request that the 
password be updated; and 

a forming unit to form an updated password. 

23. (NEW) The system as claimed in claim 22, wherein after the updated password is 
formed, the service request message transmitted by the first computer to the second computer 
contains the updated password and the second computer checks whether the updated password 
is valid. 

24. (NEW) The system as claimed in claim 22, wherein the forming unit comprises:

a transmit unit at the first computer to transmit to the second computer a password
message, containing the updated password, such that the updated password can be ascertained
only by using the password,

a processor unit at the second computer to use the password to ascertain the updated 
password from the password message, and 

a memory at the second computer to store the updated password. 

25. (NEW) The system as claimed in claim 22, wherein there are a plurality of first 
computers, each of which has a password in common with the second computer, the password 
in each case being unique for the communication link between the respective first computer and 
the second computer. 

26. (NEW) The system as claimed in claim 25, wherein there are a plurality of second 
computers, each of which has a password in common with each first computer, the password in 
each case being unique for the communication link between the respective second computer 
and the respective first computer. 

27. (NEW) At least one computer readable medium storing at least one program for 
controlling at least one computer to perform a method comprising: 

receiving at the second computer a service request message transmitted by the first 
computer over a communication link existing between the first computer and the second 
computer, the service request message containing the password, and being used to request 
provision of a service;

checking, at the second computer, whether the password contained in the service 
request message is valid for the first computer; 

if the password is valid, providing the service; 

if the password is invalid, transmitting from the second computer to the first computer 
an update message to request that the password be updated; and 
forming an updated password. 

28. (NEW) The at least one computer readable medium as claimed in claim 27, 
wherein after the updated password is formed, the service request message transmitted by the 
first computer to the second computer contains the updated password and the second computer 
checks whether the updated password is valid. 

29. (NEW) The at least one computer readable medium as claimed in claim 27, 
wherein the updated password is formed in the following manner: 

the first computer transmits to the second computer a password message containing the 
updated password, such that the updated password can be ascertained only by using the 
password, 

the second computer uses the password to ascertain the updated password from the 
password message, and 
the second computer stores the updated password.

30. (NEW) The at least one computer readable medium as claimed in claim 29, 
wherein the password message contains the updated password in an encrypted form, the key 
for encrypting the updated password being formed on the basis of the password. 

31. (NEW) The at least one computer readable medium as claimed in claim 30,
wherein the key is formed by stringing together the password a number of times. 

32. (NEW) The at least one computer readable medium as claimed in claim 29, 
wherein the second computer transmits an acknowledgment message to acknowledge the use of 
the updated password within the context of the communication link. 

33. (NEW) The at least one computer readable medium as claimed in claim 27, 
wherein before the second computer checks whether the password is valid, the second 
computer authenticates the first computer using an authentication token for the first computer, 
which is contained in the service request message. 



34. (NEW) The at least one computer readable medium as claimed in claim 27, 
wherein the check to determine whether the password contained in the service request message 
is valid is performed using a monitor database indicating whether the second computer has
previously transmitted an update message to the first computer. 

35. (NEW) The at least one computer readable medium as claimed in claim 27,
wherein

the service request message contains a statement relating to integrity protection,

the second computer checks the received service request message for its integrity,

the password is checked only if the integrity of the service request message is ensured, and

if the integrity of the service request message is not ensured the requested service is
refused.

REMARKS 

This Preliminary Amendment is submitted to improve the form of the specification as 
originally-filed. It is respectfully requested that this Preliminary Amendment be entered in the 
above-referenced application. 

In accordance with the foregoing, claims 1-12 have been canceled and claims 13-35 
have been added. Claims 13-25 are pending and are under consideration. 

A substitute specification is also being filed herewith. The substitute specification is 
accompanied by a marked-up copy of the original specification. No new matter has been 
added.



If there are any questions regarding these matters, such questions can be addressed by 
telephone to the undersigned. Otherwise, an early action on the merits is respectfully solicited. 

If any further fees are required in connection with the filing of this Preliminary 
Amendment, please charge same to our Deposit Account No. 19-3935. 



700 Eleventh Street, N.W. 
Suite 500 

Washington, D.C. 20001 
(202) 434-1500 

Date:



Respectfully submitted, 



STAAS & HALSEY LLP 




Mark J. Henry
Registration No. 36,162 
SUBSTITUTE SPECIFICATION



TITLE OF THE INVENTION 

METHOD AND SYSTEM FOR UPDATING A PASSWORD 

BACKGROUND OF THE INVENTION 

The invention relates to a method and a system for updating a password. 

Reference (1) discloses a method and system such that, if a user wants to use the 
system, the user is asked to enter a password into the system. Once the password has been 
entered by the user, the system uses a database to check whether or not an entered password is 
a valid password for the user. 

The system's database stores a list containing permissible users of the system. Each 
user is allocated a respective password which is stored and has the entered password compared 
with it. Each password is also allocated a time statement. The time statement is used to indicate 
the period of time for which the password will be valid. If the period of time has elapsed, then 
the stored password becomes invalid, and the user is asked to update the password if he wants 
to use the system. 

Whether the respective password is up to date is thus determined, to a certain extent, on
the basis of the respective period of time, which gives the system a higher level of protection
against misuse or unauthorized ascertainment of a password. Reference (1) also discloses that
the stated password can be stored in the database in scrambled form (encrypted or formed using
a one-way hash function). Reference (1) also discloses that the stated password can be
transported in scrambled form via a communication link. An example of this is the Domain
Logon in Windows NT. However, the time for changing the password is limited to the time of
the login procedure.
Reference (2) discloses a communication standard, the H.235 Standard, in which
boundary conditions, in particular message formats, can be exchanged between interconnected
computers within the scope of multimedia communication. The computers can be connected to
one another logically or permanently.

A disadvantage of the methods disclosed in reference (2) is, in particular, that only
static passwords can be used for a user. In this case, there is a relatively high likelihood of
passwords stored in the computers being able to be ascertained and misused at some point in
time by an unauthorized third party, a hacker. Therefore, the protection of the individual
computers is no longer ensured.

Reference (3) discloses another communication standard, the H.225 Standard.

Reference (4) describes the so-called Abstract Syntax Notation 1 (ASN.1), which is
used to define the format of a message within the context of the standards known from
references (2) and (3).

An overview of protocols for updating cryptographic keys can be found in reference (5).

Particularly in the case of a large communication network having a multiplicity of
interconnected computers, for example the Internet, the situation described above presents a
high risk.



SUMMARY OF THE INVENTION 

In response to the difficulties and problems of specifying a method and a system for 
updating a password between two interconnected computers, the present inventors propose a 
new method and a new system. 

The method for updating a password between a first computer and a second computer 
has the following steps: 

a) the second computer receives a service request message transmitted by the first 
computer over a communication link existing between the first computer and the second 
computer, the service request message containing the password, 

b) the service request message from the first computer is used to request provision of 
a service, 

c) the second computer checks whether the password contained in the service request 
message is valid for the first computer, 

d) if the password is valid, the service is provided, 

e) if the password is invalid, the second computer transmits to the first computer an 
update message which is used to request that the password be updated, and 

f) the first computer and/or the second computer form an updated password which is 
subsequently used as the password within the context of the communication link.

The system has at least one first computer and at least one second computer for 
updating a password between the computers, 

the first computer and the second computer each having a processor which is set up
such that the following steps can be carried out:

a) the second computer receives a service request message transmitted by the first
computer over a communication link existing between the first computer and the second
computer, the service request message containing the password,

b) the service request message from the first computer is used to request provision of
a service,

c) the second computer checks whether the password contained in the service request
message is valid for the first computer,

d) if the password is valid, the service is provided,

e) if the password is invalid, the second computer transmits to the first computer an
update message which is used to request that the password be updated, and

f) the first computer and/or the second computer form an updated password which is
subsequently used as the password within the context of the communication link.

According to one aspect of the invention, it may be possible to update a password 
between two computers during a communication link existing between the two computers. The 
second computer can distinctly force the first computer into having to update the password
when the first computer is requesting a service from the second computer. The second
computer thus ensures that the passwords are up to date, which increases the protection for
communication between the computers.

The developments described below apply both to the method and to the system; in the 
case of the development of the system, the respective processors in the computers are set up 
such that the development can be implemented. 

In one development, the updated password is formed in the following manner: 

a) the first computer transmits to the second computer a password message, 
containing the updated password, such that the updated password can be ascertained only by 
using the password, 

b) the second computer uses the password to ascertain the updated password from the 
password message, 

c) the second computer stores the updated password. 

The second computer can transmit an acknowledgement message which is used to 
acknowledge the use of the updated password within the context of the communication link. 

At the beginning of the method, the first computer is preferably authenticated by the 
second computer using an authentication token for the first computer, which is contained in the 
service request message. This increases the level of protection for the respective 
communication link. 

In another refinement, the check to determine whether the password contained in the 
service request message is valid for the first computer is performed using a monitor database 
indicating for the first computer whether the second computer has already transmitted an 
update message to the first computer. This simplification makes the method faster to
carry out, since a considerable computation time saving is obtained for the check. 

The service request message preferably contains a statement relating to the integrity 
protection for the service request message, said statement being used by the second computer 
to check the received service request message for its integrity. The method is carried out only 
if the integrity of the service request message is ensured; otherwise, the requested service is 
refused. This further increases the level of protection for the respective communication link. 

The password message contains the updated password preferably in encrypted form, the 
key for encrypting the updated password being formed on the basis of the password. This 
development creates a connection between the "old" password and the updated password. 
With the connection, perhaps only the owner of the password is actually able to ascertain the 
updated password. This improves the protection for the updated password when it is 
transmitted. 

The key is preferably formed by stringing together the password a number of times. 

Preferably, a plurality of first computers each have a password in common with the 
second computer, the password in each case being unique for the communication link between 
the respective first computer and the second computer. This allows for the method and system 
to be used very well in a large communication network in which a server, the second 
computer, offers a plurality of clients, the first computers, services over the communication 
network. 

In addition, a plurality of second computers can be provided which each have a 
password in common with each first computer, the password in each case being unique for the
communication link between the respective second computer and the respective first computer. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects and advantages of the present invention will become more
apparent and more readily appreciated from the following description of the preferred
embodiments, taken in conjunction with the accompanying drawings of which:

Figure 1 shows a flowchart showing the method steps of the illustrative embodiment; and

Figure 2 shows a sketch showing computers which are connected to one another via a
communication network.

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Reference will now be made in detail to the preferred embodiments of the present
invention, examples of which are illustrated in the accompanying drawings, wherein like
reference numerals refer to like elements throughout.

Figure 2 shows a first computer 200 having a memory 202 and a processor 203 which 
are respectively connected to one another and to an input/output interface 201 via a bus 204. 

The input/output interface 201 is used to connect the first computer 200 to a screen 
205, to a keyboard 206 and to a computer mouse 207. 
In addition, the first computer 200 is connected to other computers 210, 220, 230, 240
and 250 via a communication network 260, in the example an ISDN network (Integrated 
Services Digital Network). 

The first memory 200 stores a database 208. 

The other computers 210, 220, 230, 240 and 250 likewise have a respective processor
213, 223, 233, 243 and 253 and a respective memory 212, 222, 232, 242 and 252. The
processor 213, 223, 233, 243 and 253 and the memory 212, 222, 232, 242 and 252 are
respectively connected to the communication network 260 via a respective bus 214, 224, 234,
244 and 254 via an input/output interface 211, 221, 231, 241 and 251. In addition, the other
computers 210, 220, 230, 240 and 250 are respectively connected to a screen 215, 225, 235,
245 and 255 and to a keyboard 216, 226, 236, 246 and 256 and to a computer mouse 217,
227, 237, 247 and 257.

Between the computers 200, 210, 220, 230, 240 and 250, the communication, i.e. 
protected interchange of multimedia data, takes place on the basis of the H.235 Standard, as 
described in reference (2). 

The first computer 200 is in the form of a server and provides various services for the 
other computers 210, 220, 230, 240 and 250. 

It is subsequently assumed that a second computer 210 wants to use a service from the 
first computer 200. 

At the beginning of the method, a communication link is set up between the second 
computer 210 and the first computer 200 on the basis of the methods described in references 
(2) and (3). Once the communication link has been initialized, a logical connection exists
between the second computer 210 and the first computer 200, i.e. the communication link has
an associated logical channel which is uniquely identifiable. The logical channel is used to
interchange messages 270, 280 between the computers 200, 210, 220, 230, 240, 250.

If the communication link has been set up, the second computer 210 can use a service 
from the first computer 200, in this case a database query for a database 208 stored in the 
memory 202 of the first computer 200. The text below describes the method which is carried 
out when the second computer 210 wishes to ascertain from the first computer 200 data from 
the latter's database 208.

A user of the second computer 210 enters the desired criteria for the database query 
into the second computer 210. The second computer 210 forms a service request message 101 
(step 100) containing the criteria for the database query (cf. Figure 1). 

The service request message 101 also contains the following variables: 

an authentication token permitting the second computer 210 to be authenticated by
the first computer 200; the authentication token permits the password to be presented in a
different form (for example in encrypted form or formed using a one-way hash function as a
one-way hash value);

an H.235 address used to uniquely identify the first computer 200;

a stated password PW for the user of the second computer 210.

For each other computer 210, 220, 230, 240 and 250, the first computer 200 stores a 
password associated with the respective computer 210, 220, 230, 240 and 250. If a service 
request message 101 formed by another computer 210, 220, 230, 240 and 250 contains a stated
password which is the same as the stored password for the other computer 210, 220, 230, 240 
and 250, then the requested service is granted to the user, i.e. is implemented by the first 
computer 200. 

The password has a respective associated first time statement t1, used to indicate the
time at which the password has been formed. The password also has a respective associated 
second time statement t2, used to indicate the period of time for which the password is valid. 

The service request message 101 is transmitted from the second computer 210 to the 
first computer 200 (step 102). 

Once the service request message 101 has been received in the first computer 200 (step 
103), the second computer 210 is authenticated using the authentication token in the service 
request message 101 (step 104). 

When the second computer 210 has been positively authenticated, the stated password 
PW is ascertained from the authentication token in the service request message 101 in a further 
step (step 105), and the stated password is compared with that password stored in the first 
computer 200 which is associated with the second computer 200 (step 106). 

If authentication is negative, the service request message 101 is discarded (step 110), 
and the requested service is not implemented. 

If the stated password PW and the password associated with the second computer 200 
match, then a check is carried out to determine whether the password is valid (step 107). This 
is done by ascertaining a current time t3 at which the service request message 101 has been 
received by the first computer 200.

If the stated password PW and the password associated with the second computer 200 
do not match, then the service request message 101 is discarded (step 115), and the requested 
service is not implemented. 

A check is carried out to determine whether the current time t3 is less than or equal to
the sum of the first time statement t1 and the second time statement t2, that is to say whether
the following rule (1) is true:

t3 ≤ t1 + t2. (1)

If rule (1) is satisfied, then the stated password corresponds to the password, and the 
password is still valid. 

In this case, the service requested using the service request 101, that is to say the 
database query, is implemented by the first computer 200 (step 108), and the result of the 
database query is transmitted in a formed result message 116 (step 109) to the second computer 
210 (step 110), in which the result of the database query is processed further (step 111). 

If rule (1) is not satisfied, then, although the authentication which has taken place 
authorizes the second computer 210 to request the service, in principle, the password 
associated with the second computer 210 is no longer valid. 

In a further step (step 120), if a password is invalid, the first computer 200 forms an 
update message 121 and transmits it to the second computer 210 (step 122), said update 
message being used to request that the password be updated. In addition, the first computer 
200 sets a bit (monitor value) to a first value in a monitor database, said value being used to 
indicate that the respective password is invalid and the appropriate update message 121 has
been transmitted to the second computer 210.

When the update message 121 has been received (step 123), the second computer forms 
an updated password aPW (step 124). 

If the second computer 210 does not keep to the prescribed procedure and generates a 
new service request without changing the password, then the first computer 200 is able to 
establish this after authentication of the second computer 210 and checking of the monitor 
value. If the monitor value has been set to the first value, the method can be terminated (step 
131). 

The updated password aPW is encrypted symmetrically on the basis of the Data
Encryption Standard (DES). The key used to encrypt the updated password aPW is the 
password PW, which is also known and stored in the second computer 210. 

The encrypted updated password aPW is transmitted to the first computer (step 127) in 
a password message 125 formed by the second computer 210 (step 126). 

The password message 125 contains an integrity statement which can be used to check 
the integrity of the password message 125. 

Once the password message 125 has been received (step 128), the integrity of the 
password message (125) is checked (step 129). 

If the integrity check is negative, the password message 125 is discarded (step 130), 
and the method is terminated (step 131). 

If the integrity check is positive, the first computer 200 ascertains the encrypted 
updated password aPW (step 132), and the updated password aPW is decrypted (step 133).

In a further step, the ascertained updated password aPW is stored as the new password 
for the second computer 210 (step 134). In addition, the first computer 200 sets the appropriate 
monitor value in the monitor database to a second value, which is used to indicate that the 
respective password is valid. 

Next, the first computer 200 forms an acknowledgment message 135 (step 136) and 
transmits it to the second computer 210 (step 137), and said acknowledgment message is 
received by the second computer 210 (step 138). The acknowledgment message 135 is used to 
acknowledge to the second computer 210 the further use of the updated password aPW within 
the context of the communication link. 

In addition, the first computer 200 provides the service (step 108), forms the result 
message 116 (step 109) and transmits the result message 116 to the second computer 210 (step 
110). In the second computer 210, the result message 116 is processed further (step 111). 

The first computer 200 also sets the appropriate bit in the monitor database to a second 
value, which is used to indicate that the respective password is valid. 

When another service request message is received, in each case after receipt thereof, 
the first computer 200 uses the monitor database to check whether or not the respective 
password is valid. This allows the password to be checked very quickly. 
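The exchange of Figure 1 (steps a) to f) of the summary, the password-message development, and steps 100 to 138 above), as an added example that is not part of the application: both computers are simulated in Python. The clock, the client identifier, the sample query, the SHA-256 authentication token, the HMAC-SHA256 integrity check value and the HMAC-based keystream that stands in for DES are assumptions of this example; the key is formed from the password as in claim 17.

```python
import hashlib
import hmac

KEY_LEN = 8  # DES key length in bytes; the embodiment encrypts the updated password with DES


def derive_key(password: bytes, key_len: int = KEY_LEN) -> bytes:
    """Key formed by stringing the password together a number of times (claim 17)."""
    repeats = -(-key_len // len(password))          # ceiling division
    return (password * repeats)[:key_len]           # no more entropy than the password itself


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES (absent from the stdlib): HMAC-SHA256 counter keystream XOR."""
    out = bytearray()
    for offset in range(0, len(data), 32):          # one 32-byte keystream block per offset
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)                               # same call encrypts and decrypts


def icv(password: bytes, *fields: bytes) -> bytes:
    """Integrity check value over the message fields (hMAC mechanism, keyed with PW)."""
    return hmac.new(password, b"|".join(fields), hashlib.sha256).digest()


def auth_token(password: bytes) -> bytes:
    """Authentication token: the password presented as a one-way hash value."""
    return hashlib.sha256(password).digest()


class Server:
    """First computer 200: one password per client with t1 (time formed) and t2 (lifetime)."""

    def __init__(self):
        self.now = 0          # constructed clock; the current time t3 is read from here
        self.passwords = {}   # client id -> (PW, t1, t2)
        self.monitor = {}     # monitor database: True once an update message has been sent

    def register(self, client_id: bytes, password: bytes, lifetime: int) -> None:
        self.passwords[client_id] = (password, self.now, lifetime)
        self.monitor[client_id] = False

    def service_request(self, msg: dict) -> str:
        pw, t1, t2 = self.passwords[msg["client"]]
        if not hmac.compare_digest(msg["icv"], icv(pw, msg["client"], msg["token"], msg["query"])):
            return "refused"        # integrity not ensured (claim 21)
        # Token is the hashed PW, so authentication (step 104) and the comparison (106) coincide.
        if not hmac.compare_digest(msg["token"], auth_token(pw)):
            return "discarded"      # authentication negative (step 110)
        if self.monitor[msg["client"]]:
            return "terminated"     # update was requested earlier but not performed (step 131)
        if self.now <= t1 + t2:     # rule (1): t3 <= t1 + t2
            return "service"        # steps 108-109: run the query, send result message 116
        self.monitor[msg["client"]] = True   # monitor value set to the first value
        return "update"             # update message 121 (steps 120-122)

    def password_message(self, msg: dict) -> str:
        pw, _, t2 = self.passwords[msg["client"]]
        if not hmac.compare_digest(msg["icv"], icv(pw, msg["client"], msg["enc"])):
            return "discarded"      # integrity check negative (steps 129-130)
        new_pw = xor_cipher(derive_key(pw), msg["enc"])          # step 133: decrypt with old PW
        self.passwords[msg["client"]] = (new_pw, self.now, t2)   # step 134: t1 restarts now
        self.monitor[msg["client"]] = False                      # monitor value back to second value
        return "acknowledged"       # acknowledgment message 135 (steps 136-137)


class Client:
    """Second computer 210: knows PW and forms the service request and password messages."""

    def __init__(self, client_id: bytes, password: bytes):
        self.client_id, self.password = client_id, password

    def service_request(self, query: bytes) -> dict:
        token = auth_token(self.password)
        return {"client": self.client_id, "token": token, "query": query,
                "icv": icv(self.password, self.client_id, token, query)}

    def password_message(self, new_password: bytes) -> dict:
        enc = xor_cipher(derive_key(self.password), new_password)   # steps 124-126: DES(aPW, PW)
        return {"client": self.client_id, "enc": enc,
                "icv": icv(self.password, self.client_id, enc)}


def run_exchange() -> list:
    """Figure 1 end to end: service, expiry, update, tampered then genuine password message."""
    cid, new_pw = b"client-210", b"fresh-pw"              # constructed identifier and aPW
    server, client = Server(), Client(cid, b"secret")
    server.register(cid, b"secret", lifetime=10)          # t1 = 0, t2 = 10
    log = [server.service_request(client.service_request(b"query"))]      # t3 = 0: service
    server.now = 11                                       # t3 > t1 + t2: password expired
    log.append(server.service_request(client.service_request(b"query")))  # update
    log.append(server.service_request(client.service_request(b"query")))  # terminated
    tampered = dict(client.password_message(new_pw), enc=bytes(len(new_pw)))  # altered in transit
    log.append(server.password_message(tampered))         # discarded
    log.append(server.password_message(client.password_message(new_pw)))  # acknowledged
    client.password = new_pw                              # adopted after the acknowledgment
    log.append(server.service_request(client.service_request(b"query")))  # service again
    return log
```

The third request shows the monitor database at work: a client that ignores the update message and resubmits the old password is stopped without rule (1) being evaluated again.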

The messages used within the context of this method may be coded, for example, on the
basis of the H.225.0 Standard, as is described in reference (3).

To define the format (described below) of the individual messages, the Abstract Syntax
Notation 1 (ASN.1), for example, described in reference (4) may be used.

The messages are coded as a NonStandardMessage provided in reference (3), as 
described below: 



NonStandardMessage ::= SEQUENCE
{
    requestSeqNum          RequestSeqNum,
    nonStandardData        NonStandardParameter,
    tokens                 SEQUENCE OF ClearToken OPTIONAL,
    cryptoTokens           SEQUENCE OF CryptoH323Token OPTIONAL,
    integrityCheckValue    ICV OPTIONAL
}

NonStandardParameter ::= SEQUENCE
{
    nonStandardIdentifier  NonStandardIdentifier,
    data                   OCTET STRING
}

NonStandardIdentifier ::= CHOICE
{
    object                 OBJECT IDENTIFIER,
    h221NonStandard        H221NonStandard,
    ...
}

data ::= SEQUENCE
{
    alias                  Gatekeeper-Identifier,
    confirm                BOOLEAN,
    -- optionally for the provision of integrity
    rejectReason           PWUpdateRejectReason OPTIONAL,
    hash_algorithm         NonIsoIntegrityMechanism OPTIONAL,
    token                  HASHED OPTIONAL
    -- <alias, confirmation, new password>
}

PWUpdateRejectReason ::= CHOICE
{
    notregistered          NULL,    -- keep the old password
    pw_wrong               NULL,    -- keep the old password
    pw_old                 NULL     -- keep the old password
}

NonIsoIntegrityMechanism ::= CHOICE
{   -- HMAC mechanism used, no truncation, tagging may be necessary!
    hMAC-MD5               NULL,
    hMAC-iso10118-2-s      EncryptIntAlg,
                           -- according to ISO/IEC 10118-2 using
                           -- EncryptIntAlg as core block encryption algorithm
                           -- (short MAC)
    hMAC-iso10118-2-l      EncryptIntAlg,
                           -- according to ISO/IEC 10118-2 using
                           -- EncryptIntAlg as core block encryption algorithm
                           -- (long MAC)
    hMAC-iso10118-3        OBJECT IDENTIFIER,
                           -- according to ISO/IEC 10118-3 using
                           -- OID as hash function (OID is SHA-1, RIPE-MD160,
                           -- RIPE-MD128)
    ...
}

EncryptIntAlg ::= CHOICE
{   -- core encryption algorithms for RAS message integrity
    nonstandard            NonStandardParameter,
    isoAlgorithm           OBJECT IDENTIFIER,    -- defined in ISO/IEC 9979
    ...
}

AliasAddress ::= CHOICE
{
    e164                   IA5String (SIZE (1..128)) (FROM ("0123456789#*,")),
    h323-ID                BMPString (SIZE (1..256)),
                           -- Basic ISO/IEC 10646-1 (Unicode)
    ...,
    url-ID                 IA5String (SIZE (1..512)),
                           -- URL style address
    transportID            TransportAddress,
    email-ID               IA5String (SIZE (1..512)),
                           -- rfc822-compliant email address
    partyNumber            PartyNumber
}
A few alternatives to the illustrative embodiment described above are presented below:

The type of integrity protection is, in principle, arbitrary, as is the encryption algorithm 
for encrypting the updated password. 

Providing the messages as nonstandard messages or nonstandard data field is not 
absolutely necessary. The messages may also be presented using protocol fields or messages 
which are to be newly defined, in the standards known from references (2) and (3). 

The method and the system are also not limited to the standards known from references 
(2) and (3). 

The service request message and/or the update message and/or the password message 
and/or the acknowledgment message can be formed separately as independent messages and 
can be transmitted separately between the computers which are involved. In addition, in one 
variant, the respective message can be transmitted between the computers involved together 
with other messages on the basis of the so-called "piggyback" principle. 

By transmitting an update request to the first computer, the second computer can also 
request that the first computer form a new password. On a similar basis to the above 
comments, the second computer can use a monitor database stored therein and the appropriate 
monitor value to check whether the first computer has satisfied its request to change the 
password. In the negative instance, the second computer can abort the communication and 
terminate the method. 
SUBSTITUTE ABSTRACT
A password is updated between a first computer and a second computer, where the 
second computer receives a service request message transmitted by the first computer over a 
communication link existing between the first computer and the second computer, the service 
request message containing the password, the service request message from the first computer 
is used to request provision of a service, the second computer checks whether the password 
contained in the service request message is valid for the first computer, if the password is 
valid, the service is provided, if the password is invalid, the second computer transmits to the 
first computer an update message which is used to request that the password be updated, and 
the first computer forms an updated password which is subsequently used as the password 
within the context of the communication link. 
Description

Method and arrangement for updating a password 

The invention relates to a method and an 
arrangement for updating a password. 

[1] discloses such a method and such an
arrangement.

In such an arrangement, if a user wants to use 
this arrangement, the user is asked to enter a password 
into the arrangement. Once the password has been
entered by the user, the arrangement uses a database to 
check whether or not an entered password is a valid 
password for the user. 

The arrangement's database stores a list 
containing permissible users of the arrangement. Each 
user is allocated a respective password which is stored 
and has the entered password compared with it. Each 
password is also allocated a time statement. The time 
statement is used to indicate the period of time for 
which the password will be valid. If the period of time 
has elapsed, then the stored password becomes invalid, 
and the user is asked to update the password if he 
wants to use the arrangement. 

This means that the respective password is up to
date, to a certain extent, on the basis of the
respective period of time, which ensures that the
arrangement has a higher level of protection against
misuse or unauthorized ascertainment of a password. [1]
also discloses that the stated password can be stored
in the database in scrambled form (encrypted or formed
using a one-way hash function). [1] also
discloses that the stated password can be transported
in scrambled form via a communication link. An example
of this is the Domain Logon in Windows NT. However, the
time for changing the password is limited to the time
of the login procedure.

[2] discloses a communication standard, the H.235
Standard, in which boundary conditions, in particular
message formats, can be exchanged between
interconnected computers within the scope of multimedia
communication.

The computers can be connected to one another 
logically or permanently. 

A disadvantage of the methods disclosed in [2] is,
in particular, that only static passwords can be used
for a user, which means that there is a relatively high
likelihood of passwords stored in the computers being
able to be ascertained and misused at some point in
time by an unauthorized third party, a hacker, which
means that the protection of the individual computers
is no longer ensured.

[3] discloses another communication standard, the
H.225 Standard.

[4] describes the so-called Abstract Syntax
Notation 1 (ASN.1), which is used to define the format
of a message within the context of the standards known
from [2] and [3].

An overview of protocols for updating
cryptographic keys can be found in [5].
Particularly in the case of a large communication
network having a multiplicity of interconnected
computers, for example the Internet, the situation
described above presents a high risk.

The invention is thus based on the problem of
specifying a method and an arrangement for updating a
password between two interconnected computers.

The problem is solved by the arrangement and the
method having the features in accordance with the
independent claims.

A method for updating a password between a first
computer and a second computer has the following steps:

a) the second computer receives a service request
message transmitted by the first computer over a
communication link existing between the first computer
and the second computer, the service request message
containing the password,

b) the service request message from the first
computer is used to request provision of a service,

c) the second computer checks whether the password
contained in the service request message is valid for
the first computer,

d) if the password is valid, the service is
provided,

e) if the password is invalid, the second computer
transmits to the first computer an update message which
is used to request that the password be updated, and

f) the first computer and/or the second computer
form an updated password which is subsequently used as
the password within the context of the communication
link.
An arrangement has at least one first computer and
at least one second computer for updating a password
between the computers,

the first computer and the second computer each
having a processor which is set up such that the
following steps can be carried out:

a) the second computer receives a service request
message transmitted by the first computer over a
communication link existing between the first computer
and the second computer, the service request message
containing the password,

b) the service request message from the first
computer is used to request provision of a service,

c) the second computer checks whether the password
contained in the service request message is valid for
the first computer,

d) if the password is valid, the service is
provided,

e) if the password is invalid, the second computer
transmits to the first computer an update message which
is used to request that the password be updated, and

f) the first computer and/or the second computer
form an updated password which is subsequently used as
the password within the context of the communication
link.

The invention makes it possible to update a
password between two computers during a communication
link existing between the two computers. The second
computer can distinctly force the first computer into
having to update the password when the first computer
is requesting a service from the second computer. This
means that the second computer ensures that the
passwords are up to date, which increases the
protection for communication between the computers.
Preferred developments of the invention can be
found in the dependent claims.

The developments described below apply both to the
method and to the arrangement; in the case of the
development of the arrangement, the respective
processors in the computers are set up such that the
development can be implemented.

In one development, the updated password is formed
in the following manner:

a) the first computer transmits to the second
computer a password message, containing the updated
password, such that the updated password can be
ascertained only by using the password,

b) the second computer uses the password to
ascertain the updated password from the password
message,

c) the second computer stores the updated
password.

The second computer can transmit an
acknowledgement message which is used to acknowledge
the use of the updated password within the context of
the communication link.

At the beginning of the method, the first computer
is preferably authenticated by the second computer
using an authentication token for the first computer,
which is contained in the service request message. This
increases the level of protection for the respective
communication link.

In another refinement, the check to determine
whether the password contained in the service request
message is valid for the first computer is performed
using a monitor database indicating for the first
computer whether the second computer has already
transmitted an update message to the first computer
previously. This simplification makes the method faster
to carry out, since a considerable computation time
saving is obtained for the check.

The service request message preferably contains a 
statement relating to the integrity protection for the 
service request message, said statement being used by 
the second computer to check the received service 
request message for its integrity. The method is 
carried out only if the integrity of the service 
request message is ensured; otherwise, the requested 
service is refused. This further increases the level of 
protection for the respective communication link. 

The password message contains the updated password 
preferably in encrypted form, the key for encrypting 
the updated password being formed on the basis of the 
password. This development creates a connection between 
the "old" password and the updated password, which 
means that only the owner of the password is actually 
able to ascertain the updated password. This improves 
the protection for the updated password when it is 
transmitted.

The key is preferably formed by stringing together 
the password a number of times. 

Preferably, a plurality of first computers is 
provided which each have a password in common with the 
second computer, the password in each case being unique 
for the communication link between the respective first 
computer and the second computer. This means that the 
invention can be used very well in a large 
communication network in which a server, the second 
computer, offers a plurality of clients, the first 
computers, services over the communication network. 

In addition, a plurality of second computers can
be provided which each have a password in common with
each first computer, the password in each case being
unique for the communication link between the
respective second computer and the respective first
computer.

An illustrative embodiment of the invention is
shown in the figures and is explained in more detail
below:

In the figures

Figure 1 shows a flowchart showing the method steps of
the illustrative embodiment;

Figure 2 shows a sketch showing computers which are
connected to one another via a communication
network.

Figure 2 shows a first computer 200 having a
memory 202 and a processor 203 which are respectively
connected to one another and to an input/output
interface 201 via a bus 204.

The input/output interface 201 is used to connect
the first computer 200 to a screen 205, to a keyboard
206 and to a computer mouse 207.

In addition, the first computer 200 is connected
to other computers 210, 220, 230, 240 and 250 via a
communication network 260, in the example an ISDN
network (Integrated Services Digital Network).

The first memory 200 stores a database 208.

The other computers 210, 220, 230, 240 and 250
likewise have a respective processor 213, 223, 233, 243
and 253 and a respective memory 212, 222, 232, 242 and
252. The processor 213, 223, 233, 243 and 253 and the
memory 212, 222, 232, 242 and 252 are respectively
connected to the communication network 260 via a
respective bus 214, 224, 234, 244 and 254 via an
input/output interface 211, 221, 231, 241 and 251. In
addition, the other computers 210, 220, 230, 240 and
250 are respectively connected to a screen 215, 225,
235, 245 and 255 and to a keyboard 216, 226, 236, 246
and 256 and to a computer mouse 217, 227, 237, 247 and
257.

Between the computers 200, 210, 220, 230, 240 and
250, the communication, i.e. protected interchange of
multimedia data, takes place on the basis of the H.235
Standard, as described in [2].

The first computer 200 is in the form of a server
and provides various services for the other computers
210, 220, 230, 240 and 250.

It is subsequently assumed that a second computer 
210 wants to use a service from the first computer 200. 

At the beginning of the method, a communication 
link is set up between the second computer 210 and the 
first computer 200 on the basis of the methods 
described in [2] and [3] . Once the communication link 
has been initialized, a logical connection exists 
between the second computer 210 and the first computer 
200, i.e. the communication link has an associated 
logical channel which is uniquely identifiable. The 
logical channel is used to interchange messages 270, 
280 between the computers 200, 210, 220, 230, 240, 250. 

If the communication link has been set up, the
second computer 210 can use a service from the first
computer 200, in this case a database query for a
database 208 stored in the first computer 200.
The text below describes the method which is
carried out when the second computer 210 wishes to
ascertain from the first computer 200 data from the
latter's database 208.

A user of the second computer 210 enters the
desired criteria for the database query into the second
computer 210. The second computer 210 forms a service
request message 101 (step 100) containing the criteria
for the database query (cf. Figure 1).

The service request message 101 also contains the
following variables:

an authentication token permitting the second
computer 210 to be authenticated by the first computer
200; the authentication token permits the password to
be presented in a different form (for example in
encrypted form or formed using a one-way hash function
as one-way hash value);

an H.235 address used to uniquely identify the
first computer 200;

a stated password PW for the user of the second
computer 210.

For each other computer 210, 220, 230, 240 and
250, the first computer 200 stores a password
associated with the respective computer 210, 220, 230,
240 and 250. If a service request message 101 formed by
another computer 210, 220, 230, 240 and 250 contains a
stated password which is the same as the stored
password for the other computer 210, 220, 230, 240 and
250, then the requested service is granted to the user,
i.e. is implemented by the first computer 200.

The password has a respective associated first
time statement t1, used to indicate the time at which
the password has been formed. The password also has a
respective associated second time statement t2, used
to indicate the period of time for which the password
is valid.

The service request message 101 is transmitted
from the second computer 210 to the first computer 200
(step 102).

Once the service request message 101 has been
received in the first computer 200 (step 103), the
second computer 210 is authenticated using the
authentication token in the service request message 101
(step 104).

When the second computer 210 has been positively
authenticated, the stated password PW is ascertained
from the authentication token in the service request
message 101 in a further step (step 105), and the
stated password is compared with that password stored
in the first computer 200 which is associated with the
second computer 200 (step 106).

If authentication is negative, the service request
message 101 is discarded (step 110), and the requested
service is not implemented.

If the stated password PW and the password
associated with the second computer 200 match, then a
check is carried out to determine whether the password
is valid (step 107). This is done by ascertaining a
current time t3 at which the service request message
101 has been received by the first computer 200.

If the stated password PW and the password
associated with the second computer 200 do not match,
then the service request message 101 is discarded (step
115), and the requested service is not implemented.
A check is carried out to determine whether the
current time t3 is less than or equal to the sum of the
first time statement t1 and the second time statement
t2, that is to say whether the following is true:

t3 ≤ t1 + t2. (1)

If rule (1) is satisfied, this means that the
stated password corresponds to the password, and the
password is still valid.

In this case, the service requested using the
service request 101, that is to say the database query,
is implemented by the first computer 200 (step 108),
and the result of the database query is transmitted in
a formed result message 116 (step 109) to the second
computer 210 (step 110), in which the result of the
database query is processed further (step 111).

If rule (1) is not satisfied, this means that,
although the authentication which has taken place
authorizes the second computer 210 to request the
service, in principle, the password associated with the
second computer 210 is no longer valid.

In a further step (step 120), if a password is
invalid, the first computer 200 forms an update message
121 and transmits it to the second computer 210 (step
122), said update message being used to request that
the password be updated. In addition, the first
computer 200 sets a bit (monitor value) to a first
value in a monitor database, said value being used to
indicate that the respective password is invalid and
the appropriate update message 121 has been transmitted
to the second computer 210.

When the update message 121 has been received
(step 123), the second computer forms an updated
password aPW (step 124).
If the second computer 210 does not keep to the
prescribed procedure and generates a new service
request without changing the password, then the first
computer 200 is able to establish this after
authentication of the second computer 210 and checking
of the monitor value. If the monitor value has been set
to the first value, the method can be terminated (step
131).

The updated password aPW is encrypted
symmetrically on the basis of the Data Encryption
Standard (DES). The key used to encrypt the updated
password aPW is the password PW, which is also known
and stored in the second computer 210.

The encrypted updated password aPW is transmitted
to the first computer (step 127) in a password message
125 formed by the second computer 210 (step 126).

The password message 125 contains an integrity
statement which can be used to check the integrity of
the password message 125.

Once the password message 125 has been received
(step 128), the integrity of the password message 125
is checked (step 129).

If the integrity check is negative, the password
message 125 is discarded (step 130), and the method is
terminated (step 131).

If the integrity check is positive, the first
computer 200 ascertains the encrypted updated password
aPW (step 132), and the updated password aPW is
decrypted (step 133).

In a further step, the ascertained updated
password aPW is stored as the new password for the
second computer 210 (step 134). In addition, the first
computer 200 sets the appropriate monitor value in the
monitor database to a second value, which is used to
indicate that the respective password is valid.
Next, the first computer 200 forms an
acknowledgement message 135 (step 136) and transmits it
to the second computer 210 (step 137), and said
acknowledgement message is received by the second
computer 210 (step 138). The acknowledgement message
135 is used to acknowledge to the second computer 210
the further use of the updated password aPW within the
context of the communication link.

In addition, the first computer 200 provides the
service (step 108), forms the result message 116 (step
109) and transmits the result message 116 to the second
computer 210 (step 110). In the second computer 210,
the result message 116 is processed further (step 111).

The first computer 200 also sets the appropriate
bit in the monitor database to a second value, which is
used to indicate that the respective password is valid.

When another service request message is received,
in each case after receipt thereof, the first computer
200 uses the monitor database to check whether or not
the respective password is valid. This allows the
password to be checked very quickly.
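The exchange walked through above (steps 100 to 138), as an added example that is not part of the original application: a small Python simulation of the two computers, covering the validity rule (1), the update request, the monitor bit, the encrypted password message with its integrity statement, the acknowledgement, and the termination that follows a repeated request without an update. It assumes Python dicts in place of the H.225.0 NonStandardMessage coding, an HMAC-SHA256 keystream in place of DES (the description says the cipher is arbitrary), HMAC-SHA256 for the authentication token and the integrity statement, and the development in which the key is the password strung together; the names Server, Client and run_exchange and the sample values are constructed.

```python
import hashlib
import hmac


def derive_key(password: bytes, length: int = 32) -> bytes:
    # Key for the password message: the password strung together a number
    # of times until it fills the key length (the development in the text).
    return (password * (length // len(password) + 1))[:length]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Assumed stand-in for the DES of the text: an HMAC-SHA256 counter
    # keystream XORed with the data, so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def tag(key: bytes, body: bytes) -> bytes:
    # Authentication token and integrity statement; HMAC-SHA256 is assumed.
    return hmac.new(key, body, hashlib.sha256).digest()


class Server:
    """The computer that provides the service and keeps the monitor database."""

    def __init__(self):
        self.passwords = {}  # alias -> (PW, t1, t2)
        self.monitor = {}    # alias -> True: update requested, not yet performed
        self.pending = {}    # alias -> query held back until the update is done

    def register(self, alias, pw, t1, t2):
        self.passwords[alias] = (pw, t1, t2)
        self.monitor[alias] = False

    def handle_service_request(self, msg, t3):
        alias = msg["alias"]
        pw, t1, t2 = self.passwords[alias]
        # Steps 104-106: the token carries PW in a different form; compare it.
        if not hmac.compare_digest(msg["token"], tag(pw, alias.encode())):
            return {"type": "reject", "reason": "pw_wrong"}  # step 115
        if self.monitor[alias]:  # an earlier update request was never satisfied
            return {"type": "terminate"}  # step 131
        if t3 <= t1 + t2:  # rule (1): the password is still valid
            return {"type": "result", "data": self.service(msg["query"])}
        self.monitor[alias] = True  # first value: update requested
        self.pending[alias] = msg["query"]
        return {"type": "update", "reason": "pw_old"}  # steps 120-122

    def handle_password_message(self, msg, t3):
        alias = msg["alias"]
        pw, _, t2 = self.passwords[alias]
        if not hmac.compare_digest(msg["icv"], tag(pw, alias.encode() + msg["ct"])):
            return {"type": "terminate"}  # steps 129-131: integrity check failed
        new_pw = keystream_xor(derive_key(pw), msg["ct"])  # step 133
        self.passwords[alias] = (new_pw, t3, t2)  # step 134
        self.monitor[alias] = False  # second value: password valid again
        return {"type": "ack", "confirm": True}  # steps 136-137

    def complete_pending(self, alias):
        # Steps 108-110 after the update: provide the held-back service.
        return {"type": "result", "data": self.service(self.pending.pop(alias))}

    @staticmethod
    def service(query):
        return f"rows for {query!r}"  # constructed stand-in for the database query


class Client:
    def __init__(self, alias, pw):
        self.alias, self.pw, self.proposed = alias, pw, None

    def service_request(self, query):  # step 100
        return {"alias": self.alias, "query": query,
                "token": tag(self.pw, self.alias.encode())}

    def password_message(self, new_pw):  # steps 124-126
        ct = keystream_xor(derive_key(self.pw), new_pw)
        self.proposed = new_pw
        return {"alias": self.alias, "ct": ct,
                "icv": tag(self.pw, self.alias.encode() + ct)}

    def on_ack(self, msg):  # step 138: switch to the updated password
        if msg.get("type") == "ack":
            self.pw, self.proposed = self.proposed, None


def run_exchange(t3, new_pw=b"bravo", compliant=True):
    """Constructed scenario: client "c1" shares PW b"alpha", formed at t1 = 100
    and valid for t2 = 50. Returns the message types the client sees plus both
    parties; compliant=False repeats the old request instead of updating."""
    server, client = Server(), Client("c1", b"alpha")
    server.register("c1", b"alpha", t1=100, t2=50)
    trace = [server.handle_service_request(client.service_request("q"), t3)]
    if trace[-1]["type"] == "update":
        if compliant:
            ack = server.handle_password_message(client.password_message(new_pw), t3)
            client.on_ack(ack)
            trace.append(ack)
            trace.append(server.complete_pending("c1"))
        else:
            trace.append(server.handle_service_request(client.service_request("q"), t3))
    return [m["type"] for m in trace], server, client
```

Calling run_exchange(120) returns the result directly, run_exchange(200) yields update, ack and then the result with the server now holding the new password, and run_exchange(200, compliant=False) ends in termination because the monitor bit is still set.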

The messages used within the context of this
method are coded on the basis of the H.225.0 Standard,
as is described in [3].

To define the format (described below) of the
individual messages, the Abstract Syntax Notation 1
(ASN.1) described in [4] is used.
The messages are coded as a NonStandardMessage
provided in [3], as described below:

NonStandardMessage ::= SEQUENCE
{
    requestSeqNum          RequestSeqNum,
    nonStandardData        NonStandardParameter,
    tokens                 SEQUENCE OF ClearToken OPTIONAL,
    cryptoTokens           SEQUENCE OF CryptoH323Token OPTIONAL,
    integrityCheckValue    ICV OPTIONAL
}

NonStandardParameter ::= SEQUENCE
{
    nonStandardIdentifier  NonStandardIdentifier,
    data                   OCTET STRING
}

NonStandardIdentifier ::= CHOICE
{
    object                 OBJECT IDENTIFIER,
    h221NonStandard        H221NonStandard,
    ...
}

data ::= SEQUENCE
{
    alias                  GatekeeperIdentifier,
    confirm                boolean,
    -- optionally for the provision of integrity
    rejectReason           PWUpdateRejectReason OPTIONAL,
    hash_algorithm         NonIsoIntegrityMechanism OPTIONAL,
    token                  HASHED OPTIONAL,
    -- <alias, confirmation, new password>
    ...
}

PWUpdateRejectReason ::= CHOICE
{
    notregistered          NULL,   -- keep the old password
    pw_wrong               NULL,   -- keep the old password
    pw_old                 NULL,   -- keep the old password
    ...
}

GR 98 P 2821 

- 15 - 

NonIsoIntegrityMechanism ::= CHOICE
{   -- HMAC mechanism used, no truncation, tagging may be necessary!
    hMAC-MD5               NULL,
    hMAC-iso10118-2-s      EncryptIntAlg,
        -- according to ISO/IEC 10118-2 using
        -- EncryptIntAlg as core block encryption algorithm
        -- (short MAC)
    hMAC-iso10118-2-l      EncryptIntAlg,
        -- according to ISO/IEC 10118-2 using
        -- EncryptIntAlg as core block encryption algorithm
        -- (long MAC)
    hMAC-iso10118-3        OBJECT IDENTIFIER,
        -- according to ISO/IEC 10118-3 using
        -- OID as hash function (OID is SHA-1, RIPE-MD160,
        -- RIPE-MD128)
    ...
}

EncryptIntAlg ::= CHOICE
{   -- core encryption algorithms for RAS message integrity
    nonstandard            NonStandardParameter,
    isoAlgorithm           OBJECT IDENTIFIER,   -- defined in ISO/IEC 9979
    ...
}

AliasAddress ::= CHOICE
{
    e164                   IA5String (SIZE (1..128)) (FROM ("0123456789#*,")),
    h323-ID                BMPString (SIZE (1..256)),
        -- Basic ISO/IEC 10646-1 (Unicode)
    url-ID                 IA5String (SIZE (1..512)),
        -- URL style address
    transportID            TransportAddress,
    email-ID               IA5String (SIZE (1..512)),
        -- rfc822-compliant email address
    partyNumber            PartyNumber
}



A few alternatives to the illustrative embodiment
described above are presented below:

The type of integrity protection is, in principle,
arbitrary, as is the encryption algorithm for
encrypting the updated password.

Providing the messages as nonstandard messages or
nonstandard data field is not absolutely necessary. The
messages may also be presented using protocol fields
or messages which are to be newly defined, in the
standards known from [2] and [3].

The method and the arrangement are also not
limited to the standards known from [2] and [3].

The service request message and/or the update
message and/or the password message and/or the
acknowledgement message can be formed separately as
independent messages and can be transmitted separately
between the computers which are involved. In addition,
in one variant, the respective message can be
transmitted between the computers involved together
with other messages on the basis of the so-called
"piggyback" principle.

By transmitting an update request to the first
computer, the second computer can also request that the
first computer form a new password. On a similar basis
to the above comments, the second computer can use a
monitor database stored therein and the appropriate
monitor value to check whether the first computer has
satisfied its request to change the password. In the
negative instance, the second computer can abort the
communication and terminate the method.
1. A method for updating a password between a
first computer and a second computer,

a) in which the second computer receives a service
request message transmitted by the first computer over
a communication link existing between the first
computer and the second computer, the service request
message containing the password,

b) in which the service request message from the
first computer is used to request provision of a
service,

c) in which the second computer checks whether the
password contained in the service request message is
valid for the first computer,

d) in which, if the password is valid, the service
is provided,

e) in which, if the password is invalid, the
second computer transmits to the first computer an
update message which is used to request that the
password be updated, and

f) in which the first computer and/or the second
computer form an updated password which is subsequently
used as the password within the context of the
communication link.

2. The method as claimed in claim 1,

in which the updated password is formed in the
following manner:

a) the first computer transmits to the second
computer a password message, containing the updated
password, such that the updated password can be
ascertained only by using the password,

b) the second computer uses the password to
ascertain the updated password from the password
message,

c) the second computer stores the updated
password.

3. The method as claimed in claim 2, 
in which the second computer transmits an
acknowledgement message which is used to acknowledge
the use of the updated password within the context of
the communication link.

4. The method as claimed in one of claims 1 to 3,

in which, at the beginning of the method, the
first computer is authenticated by the second computer
using an authentication token for the first computer,
which is contained in the service request message.

5. The method as claimed in one of claims 1 to 4,

in which the check to determine whether the
password contained in the service request message is
valid for the first computer is performed using a
monitor database indicating for the first computer
whether the second computer has already transmitted an
update message to the first computer previously.

6. The method as claimed in one of claims 1 to 5,

a) in which the service request message contains a
statement relating to integrity protection for the
service request message,

b) in which the second computer checks the
received service request message for its integrity,

c) in which the method is carried out only if the
integrity of the service request message is ensured,
and

d) otherwise, the requested service is refused.

7. The method as claimed in one of claims 2 to 6,

in which the password message contains the updated
password in encrypted form, the key for encrypting the
updated password being formed on the basis of the
password.
8. The method as claimed in claim 7, 
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in which the key is formed by stringing together 
the password a number of times. 

9. An arrangement having at least one first computer and at least one second computer for updating a password between the computers,
the first computer and the second computer each having a processor which is set up such that the following steps can be carried out:

a) the second computer receives a service request message transmitted by the first computer over a communication link existing between the first computer and the second computer, the service request message containing the password,

b) the service request message from the first computer is used to request provision of a service,

c) the second computer checks whether the password contained in the service request message is valid for the first computer,

d) if the password is valid, the service is provided,

e) if the password is invalid, the second computer transmits to the first computer an update message which is used to request that the password be updated, and

f) the first computer and/or the second computer form an updated password which is subsequently used as the password within the context of the communication link.

10. The arrangement as claimed in claim 9,
in which the processors are set up such that the updated password is formed in the following manner:

a) the first computer transmits to the second computer a password message, containing the updated password, such that the updated password can be ascertained only by using the password,

b) the second computer uses the password to ascertain the updated password from the password message,

c) the second computer stores the updated password.

11. The arrangement as claimed in claim 9 or 10,
having a plurality of first computers which each have a password in common with the second computer, the password in each case being unique for the communication link between the respective first computer and the second computer.

12. The arrangement as claimed in one of claims 9 to 11,
having a plurality of second computers which each have a password in common with each first computer, the password in each case being unique for the communication link between the respective second computer and the respective first computer.
Abstract

Method and arrangement for updating a password 

A password is updated between a first computer and 
a second computer, where 

a) the second computer receives a service request 
message transmitted by the first computer over a 
communication link existing between the first computer 
and the second computer, the service request message 
containing the password, 

b) the service request message from the first 
computer is used to request provision of a service, 

c) the second computer checks whether the password 
contained in the service request message is valid for 
the first computer, 

d) if the password is valid, the service is 
provided, 

e) if the password is invalid, the second computer 
transmits to the first computer an update message which 
is used to request that the password be updated, and 

f) the first computer forms an updated password 
which is subsequently used as the password within the 
context of the communication link. 
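The exchange of claims 1 to 8 and the abstract, run end to end between a first and a second computer, as an added Python example that is not part of the application. Assumptions the claims leave open: the integrity statement of claim 6 is an HMAC-SHA256 tag keyed with the shared password, the key of claim 8 is applied by XOR, `Server.expired` stands in for whatever policy makes a password invalid, and all class and function names are invented.

```python
import hmac, hashlib, secrets

# Added example, not from the application. Assumptions the claims leave open: the
# claim 6 integrity statement is an HMAC-SHA256 tag keyed with the shared password,
# the claim 8 key is applied by XOR, Server.expired models the policy invalidating a password.
def _tag(password, body):
    return hmac.new(password, body, hashlib.sha256).digest()
def _repeat_key(password, length):
    # claim 8: the key is the password strung together a number of times
    return (password * (length // len(password) + 1))[:length]
def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, key))

class Server:                                  # the "second computer"
    def __init__(self, passwords):
        self.passwords = dict(passwords)       # client id -> password for that link
        self.expired = set()                   # passwords no longer valid (policy)
        self.update_sent = set()               # claim 5: monitor database

    def handle(self, msg):
        kind, client, body, tag = msg
        pw = self.passwords[client]
        if not hmac.compare_digest(tag, _tag(pw, kind + body)):
            return "REFUSED"                   # claim 6 d): integrity not ensured
        if kind == b"SERVICE_REQUEST":
            if body == pw and client not in self.expired | self.update_sent:
                return "SERVICE"               # claim 1 d)
            self.update_sent.add(client)       # remembered in the monitor database
            return "UPDATE"                    # claim 1 e)
        if kind == b"PASSWORD_MESSAGE" and client in self.update_sent:
            new_pw = _xor(body, _repeat_key(pw, len(body)))   # claim 2 b)
            self.passwords[client] = new_pw                   # claim 2 c)
            self.expired.discard(client); self.update_sent.discard(client)
            return "ACK"                       # claim 3
        return "REFUSED"                       # unsolicited password message

class Client:                                  # the "first computer"
    def __init__(self, ident, password):
        self.ident, self.pw = ident, password
    def build(self, kind, body):               # message with its integrity tag
        return (kind, self.ident, body, _tag(self.pw, kind + body))
    def request(self, server):
        resp = server.handle(self.build(b"SERVICE_REQUEST", self.pw))
        if resp != "UPDATE":
            return resp
        new_pw = secrets.token_bytes(len(self.pw))             # claim 2 a)
        enc = _xor(new_pw, _repeat_key(self.pw, len(new_pw)))  # claims 7, 8
        if server.handle(self.build(b"PASSWORD_MESSAGE", enc)) == "ACK":
            self.pw = new_pw
        return server.handle(self.build(b"SERVICE_REQUEST", self.pw))
```

The repeated password of claim 8 is used here exactly as claimed; it makes the recovery step of claim 2 possible, but it is not a key derivation in the modern sense, and the secrecy of the new password rests entirely on the old one.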
Declaration and Power of Attorney For Patent Application

German Language Declaration



As a below named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below next to my name,

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled

Verfahren und Anordnung zur Aktualisierung eines Passwortes
(Method and arrangement for updating a password)

the specification of which
(check one)
□ is attached hereto.
☒ was filed on 08 September 1999 as PCT international application, PCT Application No. PCT/DE99/02844, and was amended on ________ (if amended).

I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims as amended by any amendment referred to above.

I acknowledge the duty to disclose information which is material to the examination of this application in accordance with Title 37, Code of Federal Regulations, § 1.56(a).

I hereby claim foreign priority benefits under Title 35, United States Code, § 119 of any foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which priority is claimed:



Form PTO-FB-240 (8-83)    Page 1 of 3    Patent and Trademark Office-U.S. DEPARTMENT OF COMMERCE



Prior foreign applications / Priority Claimed

(Number)        (Country)   (Day Month Year Filed)   Priority Claimed (Yes / No)
198 45 055.9    Germany     30 September 1998        Yes ☒   No □


I hereby claim the benefit under Title 35, United States Code, § 120 of any United States application(s) listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner provided by the first paragraph of Title 35, United States Code, § 122, I acknowledge the duty to disclose material information as defined in Title 37, Code of Federal Regulations, § 1.56(a) which occurred between the filing date of the prior application and the national or PCT international filing date of this application.


(Application Serial No.)   (Filing Date)   (Status: patented, pending, abandoned)


I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true, and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon.




Page 2 of 3 








POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this application and transact all business in the Patent and Trademark Office connected therewith (list name and registration number):



And I hereby appoint

James D. Halsey, Jr. (Reg. No. 22,729); Harry John Staas (Reg. No. 22,010); David M. Pitcher (Reg. No. [illegible in scan]); John C. Garvey (Reg. No. 28,607); J. Randall Beckers (Reg. No. [illegible in scan]); William F. Herbert (Reg. No. [illegible in scan]); Richard A. Gollhofer (Reg. No. 31,106); Mark J. Henry (Reg. No. 36,162); Paul I. Kravetz (Reg. No. 35,230); Gene M. Garner II (Reg. No. [illegible in scan]); Michael D. Stein (Reg. No. 22,240); Todd E. Marlette (Reg. No. [illegible in scan]); Norman L. Ourada (Reg. No. [illegible in scan]); Deborah S. Gladstein (Reg. No. [illegible in scan]); Jon H. Muskin (Reg. No. 43,824); Stephen Boughner (Reg. No. 45,317); John H. Stowe (Reg. No. [illegible in scan]); C. Joan Gilsdorf (Reg. No. 43,635); Mehdi Sheikerz (Reg. No. 41,307); James G. McEwen (Reg. No. 41,983); Michael J. Badagliacca (Reg. No. 39,099); Alicia M. Choi (Reg. No. P-46,621); Jon F. Hadidi (Reg. No. 46,427); and William M. Schertler (Reg. No. 35,348 (agent)).



Direct Telephone Calls to (name and telephone number): (202) 434-1500



Send Correspondence to: 

Staas & Halsey LLP 

700 Eleventh Street, N.W. 
Washington, D.C. 20001 
U.S.A. 
Customer No. 21171 



Full name of sole or first inventor: FRIES, Steffen

Inventor's signature / Date: [handwritten; not legible in the scan]

Residence: D-81677 München, Germany

Citizenship: Federal Republic of Germany

Post Office Address: Wagenbauerstr. 5, D-81677 München, Federal Republic of Germany



Full name of second joint inventor, if any: H1QHNER, Martin

Second Inventor's signature / Date: [handwritten; not legible in the scan]

Residence: D-81737 München, Germany

Citizenship: Federal Republic of Germany

Post Office Address: Lorenzstr. 2, D-81737 München, Federal Republic of Germany

(Supply similar information and signature for third and subsequent joint inventors).